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(57) Abstract 

A method for inserting a digital signature into digital data 
is provided. In reference to the figure, the digital data (200) has 
bits and the method includes the steps of: assigning predeter- 
mined bits of the digital data for receiving the digital signature 
(202); signing the digital data excluding the predetermined bits 
(210 and 220) resulting in the digital signature; and inserting the 
digital signature into the predetermined bits of the digital data 
(226) for subsequent authentication of the digital data. Also pro- 
vided is a method for authenticating digital data having the em- 
bedded digital signature in the predetermined bits of the digital 
data including the steps of: extracting the digital signature from 
the predetermined bits; decrypting the digital signature from the 
digital data resulting in a first hash; applying a known one-way 
hash function used by an encoder of the digital data to the digital 
data excluding the predetermined bits resulting in a second hash; 
and comparing the first hash to the second hash wherein if the 
first hash matches the second hash the digital data is authentic. 
In a preferred version of the methods of the present invention, 
the method further includes the step of inserting associated data 
into the digital data (208) prior to the signing step such that the 
digital signature authenticates both the associated data as well as 
the digital data. Preferably, the associated data is inserted into 
the bits of the digital data excluding the predetermined bits. 
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* METHOD AND DEVICE FOR INSERTING AND AUTHENTICATING 

I A DIGITAL SIGNATUR E IN DIGITAL DATA 

» 

The present invention relates generally to methods 
5 and devices for inserting and authenticating a digital 

signature in digital data and, more particularly, encoders and 
decoders for inserting and authenticating a digital signature 
and associated data in digital image, video, and audio data. 

10 Photographs, music and video are increasingly being 

digitally represented. There are a variety of reasons for 
this, including improved image or audio quality and more 
economic distribution capabilities. However, digital data 
content owners (hereinafter "content owners") are increasingly 

15 aware of the associated risks of piracy and considerable 

effort has been directed towards minimizing this risk,. Digital 
watermarking is one tool that has received attention for 
minimizing these risks. An early focus was on the design of 
watermarks that were not perceptible yet survived many forms 

20 of common signal processing such as MPEG -2 or JPEG 
compression. 

It is known in the art that there is also a need for 
fragile watermarks, e.g. watermarks that do not survive simple 
image processing operations. The purpose of these fragile 

25 watermarks is to provide a viewer with an indication of 

whether an image has been tampered with. The integrity of 
digital images is increasingly of concern since many low cost 
software systems allow very sophisticated image editing 
capabilities that can seamlessly alter an image. Currently, 

30 photographs are considered excellent evidence to support 
descriptions of events. However, this may change, if 
widespread "doctoring" of images leads the general public to 
become suspicious of the authenticity of an image. 
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These issues have also been addressed in the art. 
The solution has been one based on classical cryptography 



within which authentication is well understood. The basic 
idea behind cryptographic authentication is to pass the data 
through a one-way hash function resulting in an N-bit hash. 
The N-bit hash is then encrypted using the private key of a 
public key encryption algorithm to form a digital signature. 
To authenticate the data, the data in question is once again 
hashed and this N-bit sequence is compared with the digital 
signature that is decrypted using the associated public key. 

A disadvantage of the system as it was originally 
proposed for a image data was the need for two files, one 
containing the image and the other containing the signature. 
Authentication requires the presence of both files, which can 
be a nuisance since it is very easy, for example, to transmit 
an image but forget to transmit the associated signature. 
Ideally, a single file would suffice. An obvious solution 
would be to concatenate the signature into the header of the 
image file format. However, this solution is problematic when 
images are converted between various file formats, e.g. tiff, 
bmp, etc. 

Recently, Wong [P. H. Wong, "A Public Key Watermark 
for Image Verification and Authentication", Int. Conf . On 
Image Processing, 455-459, Oct. 1998] proposed a 
straightforward way to insert a function of the signature into 
the image itself. Such a system has the advantage of being 
unaffected by changes in image file formats and does not need 
any form of meta-data. Authentication is performed on 
independent blocks of the image. For each block, X r , the least 
significant bit of each pixel is set to zero. This modified 
block is then passed through a hash function, together with 
the original image width and height information. The output 
of this hash function is then exclusive OR'ed (XOR'ed) with a 
corresponding set of bits, B r to form a signature, W r which is 
public key encrypted such that C r =E K , <W r ) and C r is inserted 
into the least significant bit (LSB) of the block to form a 
watermarked image block Y r . Wong teaches that B r is a binary 
image or pattern whose dimensions must be less than or equal 



to the length of the hash. The purpose of the XOR is to 
scrainble the binary image, B r . Subsequently, at decoding, the 
LSB plane of each block is decrypted using the associated 
public key and it is XOR'ed with the hash of the block after 
setting the least significant bits of the block to zero. If 
the block is authentic, i.e. unchanged, then the result is 
once again B r , i.e., XORing a second time with the same hash 
value unscrambles the pattern B r . Otherwise, the pattern 
remains scrambled. Authentication of the image is performed 
by visual inspection of the patterns, B' r , though in practice, 
a computer could perform a bit -wise comparison of B r and B' r . 
Strictly, such a scheme only authenticates the most 
significant bits of each pixel since the LSB is altered so as 
to carry the corresponding encrypted signature. 

Others in the art have described situations in which 
rightful ownership could not be resolved by a straightforward 
application of watermarking. In particular, they identified a 
situation in which anyone could claim ownership of a 
watermarked image through a process whereby a counterfeit 
watermark is inserted. They proposed a solution to this 
problem using a method called "non- invert ible" watermarking. 
The basic idea behind this method is to construct a watermark 
based on a non- invertible function of the original image. An 
example of a non- invert ible function is a one-way hash 
function commonly used in cryptography. Such a function takes 
a string of bits as input and outputs a finite, for example, a 
1000-bit output. However, given the 1000 -bit output, it is 
computationally infeasible to determine the corresponding 
input. It should be noted that such a watermark can only be 
read by the content owner or someone in possession of the 
original image or its hashed key. Thus, a public watermark, 
i.e. a watermark that can be read by anyone, cannot be non- 
invertible or, at least, the benefits of non- invertiblity are 
lost since all readers must have knowledge of the hashed 
value. 

Furthermore, authenticating an image that is to be 



subsequently compressed and later decompressed is troublesome 
with the methods and devices of the prior art. Many in the 
art have looked at this problem from the perspective of 
authentication schemes that survive JPEG compression. That 
is, while the digital data has been altered by the lossy 
compression, the image is essentially the same. 

In the methods and devices of the present invention 
a signature is inserted into predetermined bits of digital 
data for authentication of the digital data. Alternatively, 
both the digital data and some associated information are both 
authenticated. This associated information might include 
copyright notices, owner identification, amongst other things. 
This information may be embedded into the image in a variety 
of ways, as have been discussed in the watermarking 
literature. This embedding is performed prior to signing 
(creating the digital signature by hashing and encrypting) . 

In a version of the methods and devices of the 
present invention, we are concerned with the situation in 
which a compression algorithm is well known to the 
authentication system. This approach is applicable to, for 
example a JPEG compressed image or MPEG compressed video. In 
particular, the present invention is applicable to the problem 
of authentication within a digital camera or other image 
generation devices, though the solution is not limited to such 
a situation. Digital cameras with resolutions of 1K*1K 
produce very large amounts of data which must be both stored 
and possibly transmitted from the camera to a computer. To 
expedite this process, it is expected that such data will be 
compressed in order to reduce the storage and bandwidth 
requirements. However, when the image is eventually 
decompressed, the viewer must still be able to authenticate 
the image. 

In yet another version of the methods and devices of 
the present invention not only is digital data signed for 
authentication purposes but it is also time stamped in order 
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to be able to prove the time of origin. A further refinement 
of this system is to time stamp the image with both time and 
place of the image generation device, the latter information 
preferably being available through a Global Positioning 
5 Satellite (GPS) receiver. 

Accordingly, a method for inserting a digital 
signature into digital data is provided. The digital data 
comprises bits and the method comprising the steps of: 
assigning predetermined bits of the digital data for receiving 
10 the digital signature; signing the digital data excluding the 
predetermined bits resulting in the digital signature; and 
inserting the digital signature into the predetermined bits of 
the digital data for subsequent authentication of the digital 
data. 

15 Also provided is a method for authenticating digital 

data having the embedded digital signature in the 
predetermined bits of the digital data. The method comprises 
the steps of: extracting the digital signature from the 
predetermined bits; decrypting the digital signature from the 

20 digital data resulting in a first hash; applying a one-way 
hashing function to the digital data excluding the 
predetermined bits resulting in a second hash; and comparing 
the first hash to the second hash wherein if the first hash 
matches the second hash the digital data is authentic. 

25 In a preferred version of the methods of the present 

invention, the signing step comprises: applying a one-way 
hashing function to the digital data excluding said 
predetermined bits resulting in a hash; and encrypting the 
hash. 

30 In yet another preferred version of the methods of 

the present invention, the method further comprises the step 
of inserting associated data into the digital data prior to 
the signing step such that the digital signature authenticates 
both the associated data as well as the digital data. 



Preferably, the associated data is inserted into the bits of 
the digital data excluding the predetermined bits. 



Also provided are encoders and decoders for carrying 
out the methods of the present invention. 

These and other features, aspects, and advantages of 
the methods of the present invention will become better 
understood with regard to the following description, appended 
claims, and accompanying drawings where: 

FIG. 1A illustrates a digital image or an image 
frame of a digital video sequence, wherein the image or image 
frame comprises digital data defining a plurality of pixels. 

FIG. IB illustrates the image or image frame of 
FIG. 1A showing the bits comprising each of the plurality of 
pixels, from a most significant bit to a least significant 
bit. 

FIG. 1C illustrates the image or image frame of 
FIG. 1A represented as bit planes, from a most significant 
bit plane to a least significant bit plane. 

FIG. ID illustrates the image or image frame of FIG 
1A in which the digital data is transformed into a frequency 
domain having a high and a low frequency component. 

■ 

FIG. IE illustrates audio digital data represented 
as bit planes, from a most significant bit plane to a least 
significant bit plane. 

FIG. 2A is a flowchart illustrating a preferred 
method of inserting a digital signature into digital data of 
the present invention. 



FIG. 2B is a flowchart illustrating a preferred 
method of authenticating digital data having an embedded 
digital signature in predetermined bits of the digital data. 

FIG. 3 is a schematical illustration of a device for 
signing and/or time stamping digital data for subsequent 
authentication of the both the digital data and the time 
stamp. 

FIG. 4 is a schematical illustration of a device 
for inserting data into a digital having means for receiving 
the inserted data from an external source. 

FIG. 5 is a schematical illustration of a device 
for inserting data into digital data having a recognition 
means for recognizing a user of the device and wherein the 
inserted data is an identifier which identifies the recognized 
user of the device. 

Although this invention is applicable to numerous 
and various types of digital data, it has been found 
particularly useful in the environment of digital image data 
generated with a digital camera. Therefore, without limiting 
the applicability of the invention to image data or a digital 
camera, the invention will be described in such environment. 
However, those of ordinary skill in the art will recognize 
that the methods and devices of the present invention are 
equally applicable to digital video and digital audio data and 
any type of digital data generation device. 

Before discussing the present invention, a brief 
overview of a digital image will be discussed with reference 
to FIGS. 1A-1D. FIG. 1A illustrates a digital image 100. The 
digital image 100 can also be an image frame from a sequence 
of image frames in digital video. The digital image is 
represented by a plurality of image pixels 102, one of which 
is illustrated in the lower right corner of the image 100. 
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Referring now to FIG. IB, each pixel is defined by a 
plurality of bits 104, from a most significant bit (MSB) 106 
most visually perceptible to the human eye, to a least 
significant bit (LSB) 108 least visually perceptible to the 
5 human eye. As can be seen.- in FIG. 1C, each corresponding bit 
for the pixels comprising the image 100 make a bit plane. All 
of the most significant bits 106 of the image pixels 102 
comprise a most significant bit plane 110. Similarly, all of 
the least significant bits 108 of the image pixels 102 

10 comprise a least significant bit plane 112. FIG. IE 

illustrates corresponding digital data from a time series such 
as audio data. The audio digital data is represented as 
samples (columns) 124, wherein each sample is represented by a 
most significant bit 106 down to a least significant bit 108. 

15 The rows of corresponding bits are referred to herein as 
planes, even though they are single rows, from a most 
• significant bit plane 110 to a least significant bit plane 
112. 

The representation of the image 100 in the order of 
20 the significance of the bits which define the pixels is but 
one way of representing the digital data as the image. 
Generally, the digital data comprises a plurality of samples, 
each of the samples being defined by a plurality of bits, 
wherein the samples are pixels for image data, time samples 
25 for audio data, and spatial temporal samples for video data. 

The method would then transform the plurality of bits into an 
alternative representation having at least first and second 
characteristic components. The predetermined bits comprise 
one of the first and second characteristic components. If 
30 associated data is also to be inserted, the associated data is 
inserted into at least a portion of the second characteristic 
component . 

One such way to define the image is to transform the 
digital data into a frequency domain 114 as illustrated in 
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FIG. ID. In the frequency domain, the image 100 is 
transformed into components of high and low frequencies, 116, 
118, respectively. The high frequency component 116 being 
less perceptible to the human eye than the low frequency 
5 component 118. Preferably, the predetermined bits comprise a 
portion of the high frequency component and the associated 
data, if any, is inserted in the remaining high frequency 
component and/or the low frequency component. 

The number of bits needed to sign (insert a digital 
10 signature) or authenticate the image 100 is very small, 

preferably between 128 and 256 bits. This is especially true 
when compared with typical image dimensions of 512x512x24 
bits. Typically, the digital signature is inserted into the 
LSB plane because it is the plane which is least perceptible 
15 to the human eye. However, it is entirely unnecessary to 

alter all the least significant bits of the image 100, only a 
portion of the LSB plane 120 need be altered by the insertion 
of the digital signature. Thus, a simple signing procedure 
inserted into the portion 120 of the LSB plane provides a 
20 basic authentication procedure with the minimal alteration of 
the original image. 

The basic insertion method of the present invention 
is illustrated in some of the steps of FIG. 2A. In step 200, 
the digital data is provided which defines the digital image 

25 (or alternatively, digital video or audio). In step 202, 
predetermined bits of the digital data is assigned for 
subsequent insertion of a digital signature. Preferably, the 
predetermined bits comprise at least a portion of the LSB 
plane 120, however any portion of the digital data can be 

30 assigned as the predetermined bits. The number of the 

predetermined bits is preferably the same as the number of 
bits in the digital signature. However, the number of the 
predetermined bits can alternatively be larger than the size 
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of the digital signature to allow for insertion of more than 
one digital signature or other data. 

Next, the digital data excluding the predetermined 
bits is signed resulting in the digital signature. Any 
signing method known in the art can be used without departing 
from the scope or spirit of the present invention. 
Preferably, the signing is accomplished by first applying a 
one-way hashing function to the digital data excluding the 
predetermined bits resulting in a hash (or hash value) . This 
is shown at step 210. The hash is then encrypted at step 220 
resulting in the digital signature. The digital signature is 
then inserted into the predetermined bits of the digital data 
at step 226. The remaining steps illustrated in the flowchart 
of FIG. 2A are preferable or alternative steps to the method 
previously described. 

The basic method of the present invention for 
authenticating the digital data once the digital signature has 
been inserted into the predetermined bits will now be 
described with reference to FIG. 2B. At step 228 the digital 
signature is extracted from the known location of the 
predetermined bits 120. At step 230 the digital signature is 
decrypted from the digital signature resulting in a first 
hash. At step 232, a known one-way hashing function which is 
used to encode the digital data is applied to the digital data 
excluding the predetermined bits resulting in a second hash. 
At step 234, the first has and the second hash are compared 
and there is a determination of whether or not they match 
(step 236) . If the first and second hashes match (step 238) 
the digital data is authenticated, if they do not match (step 
240) the digital data is not authenticated. The remaining 
steps illustrated in the flowchart of FIG. 2B are preferred 
steps corresponding to some of the preferred steps of FIG. 
2A, which will be discussed below. 
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A limitation of this method is that it does not 
localize the region of the image that has been altered. 
Rather, the algorithm simply declares that the image is or is 
not authentic. There are many situations where this is 
5 adequate. However, it is straightforward to extend this 
approach to a block based method in which each block is 
independently signed. Further, the signature need not be 
placed in the LSB's of an image. The key property is that the 
image is partitioned into two disjoint partitions. The first 

10 partition must capture the key properties that must be 
authenticated. The second partition is a preferably 
redundant, possibly perceptually insignificant region of the 
image. For example, a frequency based system is also possible 
in which the image (or subimages) are first transformed into 

15 the frequency domain 114. Next, the low frequency 

perceptually significant components 118 of the image 100 are 
authenticated while high frequency (perceptually 
insignificant) coefficients 116 are used to hold the digital 
signature. Many other variations are possible, including 

20 inserting into the least significant bits of the transformed 
domain. 

Of course, it is well known that changes to the LSB 
of almost all images cannot be discerned. Thus, the other 
least significant bits, e.g. (512x512x1 - the number used for 

25 the digital signature) offer an opportunity to embed or insert 
more information in the image (step 208) , referred to herein 
as associated data. Methods of the prior art do not 
efficiently utilize these bits since the prior art methods 
require modification of all the least significant bits of a 

30 block. An alternative version of the present invention is to 
simply use this large set of remaining bits to encode 
additional information associated with the image. Such 
information could include, but is not limited to the 
photographer's name, copyright permissions, a public key 
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needed to decrypt the digital signature, a source or owner of 
the digital data such as a photographer who took the digital 
image, and Internet (URL) addresses. Alternatively, the 
associated data 122 can comprise at least two fields 122a, 
122b each having separate data which may be dependent or 
independent from each other. For example, one field 122a may 
contain data identifying a public key needed to decrypt the 
digital signature and the second field 122b may contain data 
identifying the owner of the public key contained in the first 
field 122a. The content owner may choose to encode some of 
this information in the clear, i.e. unencrypted while other 
fields may be encoded. 

Preferably, the associated data is treated as part 
of the image and is signed as well. Thus, not only is the 
image content authenticated but the associated information is 
as well. The associated data is illustrated in FIG. 1C as 
reference numeral 122 and is preferably inserted into the LSB 
plane in a portion excluding the predetermined bits which 
contain the digital signature.- It should be apparent to those 
skilled in the art that embedding the associated data 122 in 
the remaining portion of the LSB plane 108 is only a 
preferable implementation of the methods of the present 
invention, and is given by way of example only. The 
associated data may be embedded in a variety of other ways, 
many of which have been described in the prior watermarking 
art . 

It should be apparent to those skilled in the art, 
that the LSB plane exists analogously in other digital content 
forms. Generally, the digital data can be said to comprises a 
plurality of samples, wherein each of the samples are defined 
by a plurality of bits in the digital data, from a most 
significant bit to a least significant bit. In the case of 
digital image data, each sample is an image pixel, in digital 
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video, each sample is a spatial temporal sample, while in 
digital audio, each sample is a time sample. 

In an alternative version of the insertion methods 
of the present invention, the digital data comprises a 
plurality of samples, audio, video, or image. In this 
alternative, the least significant bit plane in the digital 
data is ignored. The associated data is concatenated to the 
digital data having the ignored least significant bit plane. 
The digital data having concatenated associated data is then 
signed resulting in the digital signature which is inserted in 
the predetermined bits. Where ignoring not only means that 
the least significant bit plane is not passed through the 
hash, but can also mean that all the bits in the LSB plane are 
set to 0 or 1 or to an arbitrary pattern, etc. 

The methods of the present invention are not limited 
to signing the entire digital data. Subregions may also be 
signed. However, it should be apparent to those in the art 
that if the signature remains 128 bits in length, then there 
are 128N bits used for signing when the image is partitioned 
into N blocks. Thus, there may be a tradeoff between 
localization of the tampering and the amount of additional 
information that can be embedded into the image, especially if 
the LSB's are used to store the associated data and the 
signatures. In the limit, if each subblock only contains 128 
pixels, then there is not additional capacity available in the 
LSB plane. Note, however, that Wong requires each sub-block 
to be less than or equal to the hash length, while the methods 
of the present invention preferably require each sub-block to 
be greater than or equal to the hash length. 

Despite the very rapid progress in data storage and 
transmission rates, images still require very significant 
amounts of bandwidth and storage. Consequently, in many 
cases, the content owner will require that the digital data be 



-14- 

compressed, e.g. JPEG for an image, or MPEG for video, for 
economic reasons. In such a situation it is desirable to sign 
the compressed image and, after decompression, have a signed 
image. 

Referring back to FIG. 2A, it is first determined 
whether the digital data is compressed at step 204. If the 
data is not compressed the method follows to sign the digital 
data as previously described. If the digital data is 
compressed, the digital data is decompressed at step 206 such 
that a signature can be computed at steps 210 and 220. The 
digital signature is then be inserted into a header of the 
compressed file at steps 222 and 224. Preferably, the 
decompression algorithm used is modified such that after 
decompression of the image, the signature present in the 
header is copied to the corresponding predetermined bits of 
the decompressed image. 

Referring now to FIG. 2B, when the compressed file 
with the digital signature in the header is authenticated, the 
compressed file is decompressed at step 242 and the digital 
signature in the header is inserted into the predetermined 
bits of the digital data at step 244. If the digital data 
also contains associated data (step 246, YES decision), the 
associated data may be inserted in the header at step 224 and 
into the digital data at step 248 after decompression at step 
242. Alternatively, the associated data may be inserted into 
the image prior to compression and in such a manner that the 
associated data survives the compression step. The method for 
authenticating the digital signature (and associated data if 
present) then follows steps 228 to 24 0 as previously described 
above . 

Alternatively, the authentication capabilities of 
the methods of the present invention are extended to include 
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time stamping which comprises inserting time data into the 
digital data for identifying the time the digital data was 
created. Referring back to FIG. 2A, the basic procedure for 
time stamping digital data consists of first passing the 
5 digital data through a one-way hash function 210 as previously 
described. If the digital data is to be time stamped (step 
212, Yes Decision), the one-way hash and signature are 
transmitted to a trusted third party which concatenates the 
hash, signature, and time data at step 214 and passes the 

10 hash, signature, and the current time/date (time data) through 
another round of one-way hashing at step 216. This hash is 
then encrypted at step 218 using a public key encryption 
method and the encrypted signature and time data are returned 
to the content owner. The signature and time data can again 

15 be encoded in some portion of the predetermined bits of the 
digital data at step 226 as previously described. In such a 
manner, it is possible to both prove that the image has not 
been tampered with and to determine a date by which the 
original content must have existed. It should be apparent to 

20 those skilled in the art that any time stamping procedure 

known in the art can be used without departing from the scope 
or spirit of the present invention. 

This arrangement requires a trusted third party 
stamping organization. Typically, such an organization is 

25 accessible over a network, e.g. the Internet. However, such a 
configuration is not practical for immediately time stamping 
images generated by an image generation device, such as those 
taken by a digital camera, since the digital camera may not 
have access to the trusted third party. Referring now to FIG. 

30 3, an alternative arrangement is to equip each digital camera 
or image generation device 300 having digital data generation 
means 301, such as a digital scanner or digital video camera, 
with a semiconductor chip 3 02 having a tamper resistant clock 
304 and a tamper resistant time stamping circuit 306 such as a 
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public key encryption system that can serve the same roll as 
the trusted third party. Such a device 300 would preferably 
have its private key embedded in a memory 308 such that it was 
inaccessible. The tamper resistant clock would be set at the 
factory and also be unalterable by any user. Preferably, the 
corresponding public key is placed in the clear (unencrypted) 
within a field of the LSB's of the image. The digital data is 
then signed by a signing means 303 using the private key from 
memory 308. If associated data is to be inserted, an 
associated data insertion means 305 inserts the associated 
data into the digital data before signing by the signing means 
303. The associated data (if any), signature, and time stamp 
(if any) are then supplied to an insertion means 307 for 
insertion of the signature and/or time stamp resulting in 
signed and/or time stamped digital data. 

Such tamper resistant hardware could also provide 
information other than time. For example, referring to FIG. 
4, it is possible that image generation devices 300 also be 
equipped for receiving data such as the associated data, from 
an external source 402, such as a GPS (Global Positioning 
Satellite) transmission with a reception means 404 such as an 
antenna. In such circumstances, it is possible to verify not 
only the time the digital data was created (e.g., the time the 
photograph was taken) but also the location. In such a method 
the image generation device 300 would receive the data to be 
inserted, preferably an RF (radio frequency) transmission such 
as from a GPS transmission, insert the data into the digital 
data, and then authenticate the digital data as well as any 
associated data inserted therein as previously described. The 
external source can also be an internet link 406 in which the 
image generation device 400 is linked with a personal computer 
408 having access to the internet 408 and capable of receiving 
the data transmission from an internet site. The data can be 
downloaded fro the digital camera or other image generation 
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device 300 via a memory card slot or through a cable interface 
412 connected to the personal computer 408. 

In the case of digital cameras or other digital 
content creation devices, authentication and time stamping 
5 require the use of a public key encryption system. The device 
encrypts the signature and/or time stamp using the camera's 
private key. The reader must then have knowledge of the 
corresponding public key in order to, say, authenticate the 
image. However, there are potentially millions of such 

10 devices in existence. One important use for the LSB's of an 
image is to hold the corresponding public key of the device, 
such as a camera so as to enable authentication. However, at 
this point all that can be confirmed is that a specific camera 
captured the image. The viewer does not know who took the 

15 photograph. 

In an alternative version of the methods of the 
prior art, this knowledge can also be provided by allowing the 
photographer (user) to program his/her camera (image 
generation device) with his/her name and public and private 

20 keys. The photographer's name, say Adam, and public key may 
be placed in the clear in a field within the LSB's of the 
image (digital data) that are also authenticated. The image, 
together with all the LSB's except those that are used to 
store the signature are then first signed by the camera using 

25 its private key. Next this signature is encrypted using the 
photographer's private key. 

Several levels of signing are possible. This allows 
the image to be signed by the camera (indicating that the data 
has not been processed subsequent to its recording from the 
30 CCD array) , the photographer (identifying the person 

responsible for the image) , the distributor, etc. However, 
earlier levels of signing must leave bits available to 
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accommodate the next level signature and possible associated 
data. For example, a digital camera might sign all the image 
bits except the LSB plane and insert its signature into a 
predetermined field in the LSB plane. Next, the photographer 
5 (either within the camera or on a PC) might insert associated 
data into other fields of the LSB plane and then sign these 
fields together with the signature from the camera. This 
second signature would be placed in another predetermined 
field of the LSB plane. Other iterations are possible, 

10 provided there is space remaining in the predetermined bits to 
store the signature. Note that the photographer signed the 
associated data and the camera's computed signature. This is 
sufficient to know that the photographer took the image, even 
though the second level of signing did not explicitly sign the 

15 image. However, this is an alternative method but is not the 
preferred embodiment since the hashing of the image data a 
second time is unnecessary given the signature from the 
camera . 

Referring now to FIG. 5, a further refinement to 
20 programming the camera with a photographer's public and 
private keys would involve equipping the digital data 
generation means 300, i.e., camera, with a recognition means 
502 such as a biometric identification system like a low cost 
fingerprint recognition system. The camera could then be 
25 programmed with the information of several photographers and 
would select the correct one based on the fingerprint of the 
person holding the camera 300. 

In other words, the image generation device 300 as 
illustrated in FIG. 3 having digital data generation means 301 
30 or other encoding device, would additionally have the 

recognition means 502 and the memory 308 would further store 
an identifier corresponding to each of at least one user of 
the device in one field 308a of the memory 308. The 



identifier is preferably a name of the photographer or other 
identifier such as a social security number. Preferably, a 
private key associated with each user is stored in a second 
field 308b in the memory 308. The recognition means 502 
5 recognizes one of the users whose identifier is stored in the 
first field 308a of the memory 308. The identifier 
corresponding to the recognized user is output to the 
associated data insertion means 3 05 as associated data. 
Preferably, the recognized user's private key is output from 

10 the second field 308b of the memory 308 for use by the signing 
means 303 to sign the digital data, so that one can guarantee 
that the data (image) was never doctored or manipulated by 
secondary processing. As in the embodiment of FIG. 3, the 
associated data (if any), the time stamp (if any), and the 

15 signature are supplied to the insertion means 3 07 for 

insertion of the signature and/or time stamp resulting in 
signed and/or time stamped digital data. However, the digital 
data can also be signed after subsequent processing, such as 
in a P.C. In the case of a digital image taken by a digital 

20 camera, the digital image can first be loaded into a P.C. and 
manipulated with standard software known in the art, and then 
signed, wherein the manipulated image is subsequently 
authenticated. 

Note that while the preferred embodiment has this 
25 second round of encryption occurring within the camera, this 
is not essential. For example, the image signed by the camera 
could be downloaded by the photographer onto a PC where an 
application program would perform the second round of 
encryption. In fact, for digital cameras that do not support 
30 authentication, all of the above procedures could be performed 
offline by a PC. The benefit of a camera based system is that 
the authentication is performed automatically after each 
photograph is taken. However, it is apparent that the 
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photographer could be responsible for signing his work using a 
PC and associated software. 

A viewer first decrypts the signature using the 
photographer's public key, available in a field within the 
5 LSB's of the image. This result is then decrypted using the 
camera's public key, also available within a field of the 
LSB's of the camera. At this point, the decrypted signature 
can be compared with the hash of the image and data to 
determine the authenticity of the whole. 

10 Assuming that the authentication is positive, the 

viewer at this point only knows that someone claiming to be 
Adam was the source of the image. However, there is nothing 
to prevent someone from impersonating Adam. One last step 
therefore remains to be absolutely certain that the 

15 photographer is indeed Adam. The viewer must verify that 

Adam's public key is indeed Adam's. There are a variety of 
ways that this can be accomplished. For example, a trusted 
third party might provide a database listing photographers and 
their associated public keys. Such a database might be 

20 provided by a not-for-profit professional photographic body or 
commercial entity. Such a database might be online and/or 
periodically published much like a telephone directory. A 
less centralized solution might involve accessing the homepage 
of Adam on the Internet, where his public key would be 

25 printed. Of course, the impersonator would also be aware of 
Adam's public key. However, since he does not know Adam's 
private key, it is impossible for him to correctly encrypt the 
signature. This is the great strength of public key 
encryption systems. 

30 A further refinement of the system can be developed 

when it is realized that a photographer may have many cameras. 
In such a situation, the photographer may desire that all 
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cameras owned by him use a single private key associated with 
the photographer. This is in contrast to an individual key for 
each camera. Nevertheless, the tamper resistant chip could 
also include the serial number of the camera, thereby 
identifying which of the photographer's cameras actually took 
the picture. 

It should also be apparent that while this 
description has focused on still images, the methods are also 
applicable to video, audio and multimedia forms of content. 

While there has been shown and described what is 
considered to be preferred embodiments of the invention, it 
will, of course, be understood that various modifications and 
changes in form or detail could readily be made without 
departing from the spirit of the invention. It is therefore 
intended that the invention be not limited to the exact forms 
described and illustrated, but should be constructed to cover 
all modifications that may fall within the scope of the 
appended claims. 
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WHAT IS CLAIMED IS: 



1" 1. A method for inserting a digital signature into 

2 digital data, the digital data comprising bits, the method 

3 comprising the steps of: 

4 assigning predetermined bits of the digital 

5 data for receiving the digital signature; 

6 signing the digital data excluding the 

7 predetermined bits resulting in the digital signature; and 

8 inserting the digital signature into the 

9 predetermined bits of the digital data for subsequent 
10 authentication of the digital data. 

1 2. The method of claim 1, wherein the signing step 

2 comprises: 

3 applying a one-way hashing function to the 

4 digital data excluding said predetermined bits resulting in a 

5 hash; and encrypting the hash. 

1 3. The method of claim 1, wherein the digital data 

2 is selected from a group consisting of image data, video data, 

3 and audio data. 

1 4. The method of claim 1, further comprising the 

2 step of inserting associated data into the digital data prior 

3 to the signing step such that the digital signature 

4 authenticates both the associated data as well as the digital 

5 data. 

1 5. The method of claim 4, wherein the associated 

2 data is inserted into the bits of the digital data excluding 
3" the predetermined bits. 
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. 1. 6. The method of claim 4, wherein the digital data 

2 comprises a plurality of samples, each of the samples being 

" 3" defined by a plurality of the bits, from a most significant 

4 bit to a least significant bit, all of the least significant 

5 bits defining the plurality of samples comprising a least 

6 significant bit plane, wherein the predetermined bits comprise 

7 at least a portion of the least significant bit plane. 

1 7. The method of claim 6, wherein the associated 

2 data is inserted into at least a portion of the remaining 

3 least significant bits in the least significant bit plane. 

1 8. The method of claim 4, wherein the digital data 

2 comprises a plurality of samples, each of the samples being 

3 defined by a plurality of the bits, further comprising the 

4 step of transforming the plurality of bits into an alternative 

5 representation having at least first and second characteristic 

6 components, wherein the predetermined bits comprise the first 

7 characteristic component. 

1 9. The method of claim 6 or 8, wherein the digital 

2 data is an image and each sample is an image pixel. 

1 10. The method of claim 6 or 8, wherein the digital 

2 data is video and each sample is a spatial temporal sample. 

1 11. The method of claim 6 or 8, wherein the digital 

2 data is audio and each sample is a time sample. 

1 12. The method of claim 8, wherein the associated 

2 data is inserted into at least a portion of the second 

3 characteristic component. 

1 13. The method of claim 12, wherein the alternative 

2 representation is a frequency domain representation having 

3 high and low frequency components, wherein the first 
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4. characteristic component is a portion of the high frequency 

5 component and the second characteristic component is the 

6- remaining high frequency component and the low frequency 

7 component. 

1 14. The method of claim 4, wherein at least a 

2 portion of the associated data comprises data identifying a 

3 public key needed to decrypt the digital signature. 

1 15. The method of claim 4, wherein the associated 

2 data comprises data identifying a source of the digital data. 

1 16. The method of claim 4, wherein the associated 

2 data comprises data identifying the identity of an owner of 

3 the digital data. 

1 17. The method of claim 16 , wherein the digital 

2 data is an image and the associated data comprises data 

3 identifying a photographer of the image. 

1 18. The method of claim 4, wherein a portion of the 

2 associated data is encrypted and a remaining portion of the 

3 associated data is unencrypted. 

1 19. The method of claim 4, wherein the associated 

2 data comprises at least two fields. 

1 20. The method of claim 19, wherein at least one of 

2 the fields comprises data identifying a public key needed to 

3 decrypt the digital signature. 

1 21. The method of claim 20, wherein at least one 

2 other field comprises data identifying the owner of the public 

3 key. 
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22. The method of claim 4, further comprising the 
step of receiving the associated data from an external source. 

23. The method of claim 22, wherein the external 
source is a Global Positioning Satellite transmission. 

24. The method of claim 1, wherein the digital data 
is compressed using a compression standard resulting in a 
compressed file, wherein the method further comprises the 
steps of: 

creating a decompressed file prior to the 
signing step; signing the decompressed file resulting in the 
digital signature; and 

inserting the digital signature into a header 
in the compressed file instead of inserting the same into the 
digital data. 

25. The method of claim 4, wherein the digital data 
is compressed using a compression standard resulting in a 
compressed file, wherein the method further comprises the 
steps of: 

creating a decompressed file prior to the 

signing step; 

inserting the associated data into the 
decompressed file; 

signing the decompressed file resulting in the 
digital signature; and 

inserting the digital signature and associated 
data into a header in the compressed file instead of inserting 
the same into the digital data. 
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1. 26. The method of claim 24 or 25 , wherein the 

2 digital data is an image and the compression standard is JPEG. 

m 

1 27. The method of claim 24 or 25, wherein the 

2 digital data is video and the compression standard is MPEG. 

1 28. The method of claim 4, wherein the digital data 

2 comprises a plurality of samples, each of the samples being 

3 defined by a plurality of the bits, from a most significant 

4 bit to a least significant bit, all of the least significant 

5 bits defining the plurality of samples comprising a least 

6 significant bit plane, wherein the method further comprises 

7 the steps of : 

8 ignoring the least significant bit plane in the 

9 digital data; 

10 concatenating the associated data to the 

11 digital data having the ignored least significant bit plane 

12 prior to the signing step; 

13 performing the signing step to the digital data 

14 having concatenated associated data resulting in the digital 

15 signature; 

16 wherein the predetermined bits comprise at 

17 least a portion of the least significant bit plane and the 

18 associated data is inserted into at least a portion of the 

19 remaining least significant bits in the least significant bit 

20 plane. 

1 29. The method of claim 1, further comprising the 

2 steps of: 



3- providing time data identifying the time the 

4 digital data was created; 
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5. concatenating the hash and the time data; 

6^ applying a one-way hashing function to the 

7 concatenated hash and time data resulting in a second hash; 

8 and 

9 encrypting the second hash instead of the first 

10 hash to result in a time stamp containing the digital 

11 signature, wherein both the digital data and the time data are 

12 subsequently authenticated. 

1 30. The method- of claim 29, further comprising the 

2 steps of: 

3 transmitting the hash and signature to a third 

4 party for performance of the providing, concatenating, and 

5 encrypting steps; and 

6 receiving the time stamp from the third party 

7 prior to the inserting step. 

1 31. The method "of claim 30, wherein the trusted 

2 third party resides at an internet address and the 

3 transmitting and receiving steps are done through the 

4 internet. 

1 32. The method of claim 29, wherein the time stamp 

2 is provided by a semiconductor chip having a tamper resistant 

3 clock and a tamper resistant time stamping circuit, wherein 

4 the clock outputs the time data which together with the 

5 digital signature is signed by the circuit to output the time 

6 stamp. 



1 33. The method of claim 4, further comprising the 

2 steps of: 
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3* storing an identifier in a memory corresponding 

4 to each of at least one user of a device which creates the 

5 ? digital data; 

6 recognizing a user of the device whose identifier is stored in 

7 the memory; and 

8 outputting the identifier corresponding to the 

9 recognized user from the memory to be inserted as the 
10 associated data. 

1 34. The method of claim 33, further comprising the 

2 steps of storing a private key for signing the digital data in 

3 the memory corresponding to each user and using the private 

4 key for signing the digital data. 

1 35. The method of claim 33 , wherein the recognizing 

2 step is accomplished by a fingerprint recognition system. 

1 36. The method of claim 33, wherein the identifier 

2 is a name of the recognized user. 

1 37. A method for authenticating digital data having 

2 an embedded digital signature in predetermined bits of the 

3 digital data, the method comprising the steps of: 

4 extracting the digital signature from the 

5 predetermined bits; 

6 decrypting the digital signature from the 

7 digital data resulting in a first hash; 

8 applying a one-way hashing function used by an 

9 encoder of the digital data to the digital data excluding the 
10 predetermined bits resulting in a second hash; and 
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. 11^ comparing the first hash to the second hash 

12 wherein if the first hash matches the second hash the digital 

- 13* data is authentic. 

1 38. The method of claim 37, wherein the digital 

2 data is selected from a group consisting of image data, video 

3 data, and audio data. 

1 39. The method of claim 37, wherein the digital 

2 data further comprises associated data inserted into known 

3 bits of the digital data, wherein the method authenticates 

4 both the associated data as well as the digital data. 

1 40. The method of claim 39, wherein the associated 

2 data is inserted into the bits of the digital data excluding 

3 the predetermined bits. 

1 41. The method of claim 39, wherein the digital 

2 data is compressed using a compression standard resulting in a 

3 compressed file and wherein the digital signature and 

4 associated data are contained in a header in the compressed 

5 file, wherein the method further comprises the steps of: 

6 decompressing the compressed file; and 

7 replacing the signature and associated data 

8 from the header into the predetermined bits and the known 

9 bits, respectively, prior to the extracting step. 

1 42. An encoder for inserting a digital signature 

2 into digital data, the digital data comprising bits, the 

3 encoder comprising: 



4 means for assigning predetermined bits of the 

5 digital data for receiving the digital signature; 
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6.' means for signing the digital data excluding 

7 the predetermined bits resulting in the digital signature; and 

8 means for inserting the digital signature into 

9 the predetermined bits of the digital data for subsequent 
10 authentication of the digital data. 

1 43. The encoder of claim 42, wherein the means for 

2 signing comprises: 

3 means for applying a one-way hashing function 

4 to the digital data excluding said predetermined bits 

5 resulting in a hash; and 

6 encrypting the hash. 

1 44. The encoder of claim 42, wherein the digital 

2 data is selected from a group consisting of image data, video 

3 data, and audio data. 

1 45. The encoder of claim 42, further comprising 

2 means for inserting associated data into the digital data 

3 prior to signing the digital data such that the encoder 

4 authenticates both the associated data as well as the digital 

5 data* 

1 46. The encoder of claim 45, wherein the associated 

2 data is inserted into the bits of the digital data excluding 

3 the predetermined bits. 

1 47. The encoder of claim 45, wherein the digital 

2 data comprises a plurality of samples, each of the samples 

3 being defined by a plurality of the bits, from a most 

4 significant bit to a least significant bit, all of the least 
5* significant bits defining the plurality of samples comprising 

6 a least significant bit plane, wherein the predetermined bits 
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7. comprise at least a portion of the least significant bit 

8 plane. 

1 48. The encoder of claim 47, wherein the associated 

2 data is inserted into at least a portion of the remaining 

3 least significant bits in the least significant bit plane. 

1 49. The encoder of claim 45, wherein the digital 

2 data is an image comprising a plurality of samples, each of 

3 the samples being defined by a plurality of the bits, further 

4 comprising means for transforming the plurality of bits into 

5 an alternative representation having at least first and second 

6 characteristic components, wherein the predetermined bits 

7 comprise the first characteristic component. 

1 50. The encoder of claim 47 or 49, wherein the 

2 digital data is an image and each sample is an image pixel. 

1 51. The encoder of claim 47 or 49, wherein the 

2 digital data is video and each sample is a spatial temporal 

3 sample. 

1 52. The encoder of claim 47 or 49, wherein the 

2 digital data is audio and each sample is a time sample. 

1 53. The encoder of claim 49, wherein the associated 

2 data is inserted into at least a portion of second 

3 characteristic component. 

1 54. The encoder of claim 53, wherein the 

2 alternative representation is a frequency domain 

3 representation having high and low frequency components, 

4 wherein the first characteristic component is a portion of the 

5 high frequency component and the second characteristic 

6 component is the remaining high frequency component and the 

7 low frequency component. 
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- 1- 55. The encoder of claim 45, wherein at least a 

2 portion of the associated data comprises data identifying a 

' 3" public key needed to decrypt the digital signature. 

1 56. The encoder of claim 45, wherein the associated 

2 data comprises data identifying a source of the digital data. 

1 57. The encoder of claim 45, wherein the associated 

2 data comprises data identifying the identity of an owner of 

3 the digital data. 

1 58. The encoder of claim 57, wherein the digital 

2 data is an image and the associated data comprises data 

3 identifying a photographer of the image. 

1 59. The encoder of claim 45, wherein a portion of 

2 the associated data is encrypted and a remaining portion of 

3 the associated data is unencrypted. 

1 60. The encoder of claim 45, wherein the associated 

2 data comprises at least two fields. 

1 61. The encoder of claim 60, wherein at least one 

2 of the fields comprises data identifying a public key needed 

3 to decrypt the digital signature. 

1 62. The encoder of claim 61, wherein at least one 

2 other field comprises data identifying the owner of the public 

3 key. 

1 63. The encoder of claim 57, further comprising 

2 means for receiving the associated data from an external 

3 source. 

1 64. The encoder of claim 63, wherein the external 

2 source is a Global Positioning Satellite transmission. 
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1* 65, The encoder of claim 42, wherein the digital 

2 data is compressed using a compression standard resulting in a 

3" compressed file, wherein the encoder further comprises: 

4 means for creating a decompressed file prior to 

5 signing the digital data; 

6 means for signing the decompressed file 

7 resulting in the digital signature; and 

8 means for inserting the digital signature into 

9 a header in the compressed file instead of inserting the same 
10 into the digital data. 

1 66. The encoder of claim 45, wherein the digital 

2 data is compressed using a compression standard resulting in a 

3 compressed file, wherein the encoder further comprises: 

4 means for creating a decompressed file prior to 

5 signing the digital data; 

6 means for inserting the associated data into 

7 the decompressed file; 

8 means for signing the decompressed file with 

9 the associated data inserted therein resulting in the digital 

10 signature; and 

11 means for inserting the digital signature and 

12 associated data into a header in the compressed file instead 

13 of inserting the same into the digital data. 

1 67. The encoder of claim 65 or 66, wherein the 

2 digital data is an image and the compression standard is JPEG. 
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1. 68, The encoder of claim 65 or 66, wherein the 

2 digital data is video and the compression standard is MPEG. 

m 

m 

1 69. The encoder of claim 45, wherein the digital 

2 data comprises a plurality of samples, each of the samples 

3 being defined by a plurality of the bits, from a most 

4 significant bit to a least significant bit, all of the least 

5 significant bits defining the plurality of samples comprising 

6 a least significant bit plane, wherein the encoder further 

7 comprises: 

8 means for ignoring at least a portion of the 

9 least significant bit plane in the digital data; 

10 means for concatenating the associated data to 

11 the digital data having the ignored least significant bit 

12 plane prior to signing the digital data; 

13 means for signing the digital data having the 

14 concatenated associated data resulting in the digital 

15 signature; 

16 wherein the predetermined bits comprise at 

17 least a portion of the least significant bit plane and the 

18 associated data is inserted into at least a portion of the 

19 remaining least significant bits in the least significant bit 

20 plane. 

1 70, The encoder of claim 45, further comprising: 

2 means for providing time data identifying the 

3 time the digital data was created; 

* 

4 means for concatenating the hash and the time 

5 data; 
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* 6- means for applying a one-way hashing function 

7 to the concatenated hash and time data resulting in a second 

" 8' hash; and 

9 means for encrypting the second hash instead of 

10 . the first hash to result in a time stamp containing the 

11 digital signature, wherein both the digital data and the time 

12 data are subsequently authenticated. 



1 71. The encoder of claim 70 , further comprising: 

2 means for transmitting the hash to a third 

3 party for providing the time stamp and concatenating the hash 

4 and time stamp; and 

5 means for receiving the second hash from the 

6 third party prior to encryption. 

1 72. The encoder of claim 71, wherein the trusted 

2 third party resides at an internet address and the means for 

3 transmitting and receiving is a computer capable of accessing 

4 the internet and receiving the transmitted second hash. 

1 73. The encoder of claim 70, further comprising a 

2 semiconductor chip having a tamper resistant clock and a 

3 tamper resistant time stamping circuit, wherein the clock 

4 outputs the time data which together with the digital 

5 signature is signed by the circuit to output the time stamp. 

1 74. The encoder of claim 45, further comprising: 

2 a memory for storing an identifier 

3 corresponding to each of at least one user of a device which 

4 creates the digital data; 
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5- recognition means for recognizing a user of the 

6 device whose identifier is stored in the memory; and 

7 output means for outputting the identifier 

8 corresponding to the recognized user from the memory to be 

9 inserted as the associated data. 

1 75. The encoder of claim 74 , wherein a private key 

2 for signing the digital data is also stored in memory 

3 corresponding to each user, wherein the identifier is inserted 

4 as associated data and the private key is used to sign the 

5 digital data. 

1 76. The encoder of claim 74, wherein the 

2 recognition means is a fingerprint recognition system. 

1 77. The encoder of claim 76, wherein the identifier 

2 is a name of the recognized user. 

1 78. A decoder for authenticating digital data 

2 having an embedded digital signature in predetermined bits of 

3 the digital data, the decoder comprising: 



4 means for extracting the digital signature from 

5 the predetermined bits; 

6 means for decrypting the signature from the 

7 digital data resulting in a first hash; 

8 means for applying a one-way hashing function 

9 to the digital data excluding the predetermined bits resulting 
10 in a second hash; and 



11 
12 
13 



means for comparing the first hash to the 
second hash wherein if the first hash matches the second hash 
the digital data is authentic. 
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1- 79. The decoder of claim 78, wherein the digital 

2 data is selected from a group consisting of image data, video 

3" data, and audio data. 

1 80. The decoder of claim 78, wherein the digital 

2 data further comprises associated data inserted into known 

3 bits of the digital data wherein the decoder authenticates 

4 both the associated data as well as the digital data. 

1 81. The decoder of claim 80, wherein the associated 

2 data is inserted into the bits of the digital data excluding 

3 the predetermined bits. 

1 82. The decoder of claim 80, wherein the digital 

2 data is compressed using a compression standard resulting in a 

3 compressed file and wherein the digital signature is contained 

4 in a header in the compressed file, wherein the decoder 

5 further comprises: 

6 means for decompressing the compressed file; 

7 and 

8 means for replacing the signature from the 

9 header into the predetermined bits, prior to extracting the 
10 digital signature from the predetermined bits. 

1 83. The decoder of claim 80, wherein the digital 

2 data is compressed using a compression standard resulting in a 

3 compressed file and wherein the digital signature and 

4 associated data are contained in a header in the compressed 

5 file, wherein the decoder further comprises: 

6 means for decompressing the compressed file; 

7 and 
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8^ means for replacing the signature and 

9 associated data from the header into the predetermined bits 

"10" and the known bits, respectively, prior to extracting the 

11 digital signature from the predetermined bits. 

1 84 . A method for inserting data into digital data 

2 for subsequent authentication of the digital data, the method 

3 comprising the steps of: 

4 receiving data from an external source; 

5 inserting the data into the digital data; and 

6 authenticating the digital data. 

1 85. The method of claim 84, wherein the external 

2 source is a radio frequency transmission. 

1 86. The method of claim 84, wherein the external 

2 source is an internet link. 

1 87. The method of claim 84, wherein the inserted 

2 data is used for authenticating information associated with 

3 the digital data. 

1 88. A device for inserting data into a digital data 

2 for subsequent authentication of the digital data, the device 

3 comprising: 

4 means for receiving data from an external 

5 source; 

6 means for inserting the data into the digital 

7 image; and 

8 means for authenticating the digital data. 
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1- 89. The device of claim 88, wherein the external 

- 

2 source is a radio frequency transmission and the means for 

3" receiving the data comprises an antenna. 

1 90- The device of claim 88 , wherein the external 

2 source is an internet link and the means for receiving the 

3 data comprises a computer capable of accessing the internet 

4 and receiving the data. 

1 91. The device of claim 88, wherein the inserted 

2 data is used for authenticating information associated with 

3 the digital data. 

1 92. A method for inserting time data into digital 

2 data for subsequent authentication of both the time data and 

3 the digital data, the method comprising the steps of: 

4 providing a semiconductor chip having a tamper 

5 resistant clock and a time stamping circuit; 

6 outputting the digital signature and time data 

7 from the clock to the time stamping circuit; 

8 signing the time data and the digital signature 

9 resulting in a time stamp; and 

10 authenticating the digital data and the time 

11 data. 

1 93. A device for inserting time data into digital 

2 data for subsequent authentication of both the time data and 

3 the digital data, the device comprising: 



4 a semiconductor chip having a tamper resistant 

5 clock and a tamper resistant stamping circuit; 
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6 means for outputting the digital signature and 

7 time data from the clock to the time stamping circuit; and 

8 means for signing the time data and the digital 

9 signature resulting in a time stamp. 

1 94. The device of claim 88 or 93, wherein the 

2 device is a digital image generation device and the digital 

3 data represents an image. 

1 95. The device of claim 94, wherein the image 

2 generation device is selected from a group consisting of a 

3 digital camera, a digital video camera, and a digital scanner. 

1 96. A method for inserting data into digital data, 

2 the device comprising: 

3 storing an identifier corresponding to each of 

4 at least one user of a device which creates the digital data; 

5 recognizing a user of the device whose 

6 identifier is stored in the memory; 

7 outputting the identifier corresponding to the 

8 recognized user from the memory; and 

9 inserting data corresponding to the identifier 
10 into the digital data. 

1 97. The method of claim 96, wherein the inserted 

2 data is used for authenticating the digital data. 

1 98. The method of claim 96, wherein the inserted 

2 data is used for authenticating information associated with 

3 the digital data. 
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L- 99. The method of claim 96, wherein the identifier 

2 is a name of the recognized user. 

1 100. A device for inserting data into digital data, 

2 the device comprising: 

3 a memory for storing an identifier 

4 corresponding to each of at least one user of the device; 

5 recognition means for recognizing a user of the 

6 device whose identifier is stored in the memory; 

7 means for outputting the identifier 

8 corresponding to the recognized user from the memory; and 

9 means for inserting data corresponding to the 
10 identifier into the digital data. 

1 101. The device of claim 100, wherein a private key 

2 for signing the digital data is also stored in memory 

3 corresponding to each user, wherein the identifier is inserted 

4 into the digital data and the private key is used to 

5 subsequently sign the digital data. 

1 102. The device of claim 100, wherein the 

2 recognition means is a fingerprint recognition means. 

1 103. The device of claim 100, wherein the device is 

2 a digital image generation device and the digital data 

3 represents an image. 

1 104. The device of claim 100, wherein the image 

2 generation device is selected from a group consisting of a 

3 digital camera, a digital video camera, and a digital scanner. 
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